Virtualization is a top priority for most organizations today. Security of these virtualized environments should also be a top priority and in the Intrusion Prevention market most vendors are developing or have developed virtual or virtualized solutions.
The terms virtual IPS and virtualized IPS have different meanings and I want to take some time to attempt to differentiate these terms. Most vendors have had virtual IPS for many years. Virtual IPS is the ability to apply different polices to certain types of traffic. This could be done using VLAN tags or physical interfaces. IBM does this using the Protection Domains feature which allows a different policy to be deployed to different VLAN’s. Mcafee does this by allowing different policies to be assigned to physical interfaces and can also support policies to be applied based no VLAN tags.
Virtualized IPS is what most of us think of today when we discuss virtualization. Virtualized IPS is an IPS appliance that runs in a virtual environment such as VmWare, Zen or Microsoft’s Hyper-V. The IPS is installed as a virtual server and can be configured so that all server to server traffic inside and outside the virtual environment can be monitored by an IPS.
It is important to be clear on these differences in terminology because not all vendors have virtualized IPS and most sales people will not know enough to properly answer the question, Do you support virtualization? Most will say yes, because they have heard their support teams talk about virtual IPS not virtualized IPS. Virtualized IPS will continue to grow in importance and eventually all the major Intrusion Prevention vendors will have these offerings. Until then do your homework and hold the vendors accountable.